Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/ac214b-3772-4810-9206-b92b094f3a3c/1/XPkovunJ2mYG9xru2HKfkrigcMA.roa
File: XPkovunJ2mYG9xru2HKfkrigcMA.roa (raw, json)
Hash identifier: ZBoNLDdsfMiH4Qvw9YL8Os7NUZ9E42iEu1OMEgsfl7U=
Subject key identifier: 5C:F9:28:BE:E9:C9:DA:66:06:F7:1A:EE:D8:72:9F:92:B8:A0:70:C0
Certificate issuer: /CN=3651cea5ace77f4d7f4dd282f10ab9cb0ee4d1ec
Certificate serial: 019424B2B273263A12AEC13630559DD2502F
Authority key identifier: 36:51:CE:A5:AC:E7:7F:4D:7F:4D:D2:82:F1:0A:B9:CB:0E:E4:D1:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NlHOpaznf01_TdKC8Qq5yw7k0ew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/ac214b-3772-4810-9206-b92b094f3a3c/1/XPkovunJ2mYG9xru2HKfkrigcMA.roa
Signing time: Thu 02 Jan 2025 01:47:58 +0000
ROA not before: Thu 02 Jan 2025 01:47:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15600
IP address blocks: 193.163.186.0/24 maxlen: 24
2a10:f540::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b2:b2:73:26:3a:12:ae:c1:36:30:55:9d:d2:50:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3651cea5ace77f4d7f4dd282f10ab9cb0ee4d1ec
Validity
Not Before: Jan 2 01:47:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5cf928bee9c9da6606f71aeed8729f92b8a070c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:9f:0f:c3:16:0e:9e:a5:08:7e:bb:f9:1d:32:
af:da:b1:a7:83:4b:90:83:2b:85:89:5c:79:8d:47:
6f:b1:09:36:0f:6b:04:dd:c9:46:b9:d7:2f:79:6f:
e3:7b:98:69:c8:f7:f4:3a:c1:88:ed:06:10:8e:fe:
37:11:f3:9d:53:10:a9:fc:7d:5c:07:a9:7c:72:75:
ee:e9:e3:6c:c0:02:00:43:3c:30:78:65:0e:dc:86:
52:71:d7:e9:fe:dc:46:70:3b:52:86:22:6f:62:e2:
e1:07:4d:d5:d6:b5:72:ee:95:6c:54:76:d4:46:72:
c2:3c:93:70:04:c7:01:4d:f8:4a:b3:00:0c:20:88:
c0:62:1c:d7:86:13:ad:17:bb:c4:ed:7b:36:12:7b:
0d:bd:6e:ba:f6:9f:5b:2b:c4:10:7b:d8:78:95:37:
ff:cb:58:fd:3c:f2:ee:e5:76:97:7f:cc:a4:37:50:
65:22:76:b0:82:16:8e:6d:66:da:67:7c:88:e5:32:
3b:0d:03:65:22:77:32:b6:d1:db:c6:7c:74:58:71:
94:5d:bf:06:1d:51:f5:d3:d6:e8:64:6d:8f:13:76:
86:ee:1b:ad:ad:4a:24:13:c1:ac:1e:b2:6c:61:b3:
df:eb:0f:12:e0:0b:ef:f2:fc:9f:12:e2:51:30:de:
8d:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:F9:28:BE:E9:C9:DA:66:06:F7:1A:EE:D8:72:9F:92:B8:A0:70:C0
X509v3 Authority Key Identifier:
keyid:36:51:CE:A5:AC:E7:7F:4D:7F:4D:D2:82:F1:0A:B9:CB:0E:E4:D1:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NlHOpaznf01_TdKC8Qq5yw7k0ew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/ac214b-3772-4810-9206-b92b094f3a3c/1/XPkovunJ2mYG9xru2HKfkrigcMA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/ac214b-3772-4810-9206-b92b094f3a3c/1/NlHOpaznf01_TdKC8Qq5yw7k0ew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.163.186.0/24
IPv6:
2a10:f540::/29
Signature Algorithm: sha256WithRSAEncryption
9b:f4:29:8e:2c:ad:4d:88:b4:62:83:f9:9a:c2:41:2e:3a:dd:
50:20:68:04:5f:e8:49:ac:22:10:02:ea:e1:13:08:63:9d:60:
cc:00:41:c0:a0:37:cb:6c:ac:b5:7b:eb:fe:25:55:15:15:51:
5d:1f:7e:a9:20:c9:19:99:34:ab:3d:03:d1:5f:b0:4b:c7:32:
b2:23:eb:5e:14:f4:01:55:1d:24:d3:25:d8:9b:0f:f2:4d:8a:
0e:26:81:cf:b2:58:2e:18:c0:97:f9:7a:a9:9c:ae:68:9a:34:
24:fb:eb:a1:26:f9:dc:57:90:ba:90:08:98:c6:41:dc:16:9e:
9a:9f:13:0b:2c:74:0a:bb:72:cd:05:26:3c:c5:15:bd:1e:82:
ad:40:a8:f4:07:37:ad:53:35:ab:57:7e:31:2a:77:b9:52:86:
17:c9:db:23:d4:44:85:8e:2e:ec:18:5a:8f:2b:2b:1b:78:55:
b8:ae:01:d6:6f:ed:8d:a1:82:21:a0:c6:c7:1a:4d:c3:e3:e5:
92:f2:16:99:98:5f:02:de:90:0b:1f:6d:3b:e9:17:46:fd:e8:
46:8f:a2:f9:4e:ac:11:54:ce:1c:40:a8:86:fb:13:e1:9b:7e:
c6:61:e8:1a:18:31:49:fe:af:90:55:3b:78:4e:e8:87:ba:27:
eb:44:1e:37
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQksrJzJjoSrsE2MFWd0lAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NTFjZWE1YWNlNzdmNGQ3ZjRkZDI4MmYxMGFiOWNiMGVl
NGQxZWMwHhcNMjUwMTAyMDE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Y5MjhiZWU5YzlkYTY2MDZmNzFhZWVkODcyOWY5MmI4YTA3MGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm58PwxYOnqUIfrv5HTKv2rGng0uQ
gyuFiVx5jUdvsQk2D2sE3clGudcveW/je5hpyPf0OsGI7QYQjv43EfOdUxCp/H1c
B6l8cnXu6eNswAIAQzwweGUO3IZScdfp/txGcDtShiJvYuLhB03V1rVy7pVsVHbU
RnLCPJNwBMcBTfhKswAMIIjAYhzXhhOtF7vE7Xs2EnsNvW669p9bK8QQe9h4lTf/
y1j9PPLu5XaXf8ykN1BlInawghaObWbaZ3yI5TI7DQNlIncyttHbxnx0WHGUXb8G
HVH109boZG2PE3aG7hutrUokE8GsHrJsYbPf6w8S4Avv8vyfEuJRMN6NTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFz5KL7pydpmBvca7thyn5K4oHDAMB8GA1UdIwQY
MBaAFDZRzqWs539Nf03SgvEKucsO5NHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmxIT3Bhem5mMDFfVGRLQzhRcTV5dzdrMGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9hYzIxNGItMzc3Mi00ODEwLTkyMDYt
YjkyYjA5NGYzYTNjLzEvWFBrb3Z1bkoybVlHOXhydTJIS2ZrcmlnY01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9hYzIxNGItMzc3Mi00ODEwLTkyMDYtYjkyYjA5NGYzYTNj
LzEvTmxIT3Bhem5mMDFfVGRLQzhRcTV5dzdrMGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaO6MA0E
AgACMAcDBQMqEPVAMA0GCSqGSIb3DQEBCwUAA4IBAQCb9CmOLK1NiLRig/mawkEu
Ot1QIGgEX+hJrCIQAurhEwhjnWDMAEHAoDfLbKy1e+v+JVUVFVFdH36pIMkZmTSr
PQPRX7BLxzKyI+teFPQBVR0k0yXYmw/yTYoOJoHPslguGMCX+XqpnK5omjQk++uh
JvncV5C6kAiYxkHcFp6anxMLLHQKu3LNBSY8xRW9HoKtQKj0BzetUzWrV34xKne5
UoYXydsj1ESFji7sGFqPKysbeFW4rgHWb+2NoYIhoMbHGk3D4+WS8haZmF8C3pAL
H2076RdG/ehGj6L5TqwRVM4cQKiG+xPhm37GYegaGDFJ/q+QVTt4TuiHuifrRB43
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:28:42 2025 by rpki-client